Skip to end of metadata
Go to start of metadata

Date: 18 Sep 2019

Quarter: Q1-Q4

Minutes Approved as Presented 

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."


Set goals, objectives or some context for this meeting.

Discussion items


Chaired by EHR               

Joint WG In-depth discussion - EHR hosting SEC, FHIR-I CBCP SOA

Security topics for the agenda

  • PSAF Vol3 Provenance Ballot Outcome - Mike Davis
  • Model-based Transformation Service - Matt Lord
  • GDPR FHIR IG Update - Alex Mense
  • FHIR Connectathon Findings - John Moehrke
  • Sharing with Protections - Mike Davis


Chaired by

Joint FHIR Privacy and Security Topics 


Chaired by

Security hosting CBCP and FHIR-I

FYI: (note 16 CR are approved but not yet applied - sorry, will get to it soon)

  1. couple of projects using compartments and some security tags --
  2. Query is Execute - explained
  3. Audit recommendation to include subject/patient whenever possible
  4. inclusion of ISO lifecycle events 
  5. add a query parameter on Provenance activity
  6. add to Provenance pointers to known IG starting with QEDm
  7. add to auditEvent a severity element
  8. add reference to security model - udap
  9. improve text around Provenance and transform actions
  10. FIx some issues with mapping to DICOM 


  1. classification datatypes and core resources relative to De-Identification
  2. do we need a standardized method to enable provisioning of a patient user identity? 
  3. Provenance and relevantHistory -
  4. Query on when guidance is to use versioned id in -- grahame has indicated that servers should know to index only the non-version portion of the id in .target. Which then brings up the question of how to find the specific Provenance for a specific version, which is to be handled as a client side inspection of the full results for the one Provenance with that version in .target. -- not yet a CP
  5. pointing more finegrain at elements within Resource that were modified 
  6. provenance.activity valueset is not useful, needs atleast ehr lifecycle **** 22104 has already agreed to use the codes from audit which include lifecycle. So what more is needed, and if more is needed it should be added to the one valueset not have divergent valuesets.
  7. any other open issue 

Vocabulary synchronization issues***. security tag for "COPY" -- is this vocabulary ready to be used?


Chaired by Alex Mense

GDPR Session

  • GDPR FHIR IG - Alex Mense

Action items